9767290

Autonomous Reasoning System for Vulnerability Analysis

Published: September 19, 2017
Assignee: not available in USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A method of vulnerability analysis of a deployed program, the method comprising: receiving a binary program under analysis (BPUA) derived from the deployed program; analyzing input/output (I/O) behavior of the deployed program; discovering inputs to the deployed program based on application of two or more exploration techniques to the BPUA and analysis of the I/O behavior, the inputs including a first set of inputs discovered during a symbolic execution process, a second set of inputs discovered during a side-channel input generation, and a third set of inputs from an I/O state machine module (stateful model) generation process; determining which of the inputs are negative inputs, the negative inputs including a portion of the inputs that trigger a response that includes a vulnerability of the deployed program; based on the negative inputs and triggered responses, developing a patch for the deployed program that modifies the deployed program to process at least some of the negative inputs without triggering a response that includes the vulnerability; and automatically dispatching the patch to the deployed program.

Plain English Translation

A system automatically analyzes a running program for vulnerabilities and patches them. It first analyzes the program's input/output behavior. Then, it uses multiple techniques like symbolic execution, side-channel analysis, and I/O state machine learning to discover program inputs. The system identifies "negative inputs" that trigger vulnerabilities. Based on these negative inputs and triggered responses, the system creates a patch that modifies the program to handle these inputs without causing the vulnerability. Finally, the system automatically deploys this patch to the running program.

Claim 2

Original Legal Text

2. The method of claim 1, further comprising: determining which of the inputs are positive inputs, the positive inputs including a portion of the inputs that trigger responses that do not include a vulnerability of the deployed program; associating each of the negative inputs and each of the positive inputs with the response that is triggered in the deployed program; storing each of the negative inputs and associated response as negative test cases in a test database; and storing each of the positive inputs and associated response as positive test cases in the test database.

Plain English Translation

The vulnerability analysis system also identifies "positive inputs" that don't cause vulnerabilities. It associates both positive and negative inputs with the program's responses they trigger. These input-response pairs are stored as test cases (positive and negative) in a test database. This allows for a comprehensive record of program behavior under various inputs. The system therefore builds a test suite to identify vulnerabilities and expected program behavior.

Claim 3

Original Legal Text

3. The method of claim 2, further comprising generating an overall fitness function based on the positive test cases and negative test cases, wherein the patch includes a mutation to the deployed program based on the fitness function and genetic programming.

Plain English Translation

To improve patch generation, the system builds a fitness function based on both positive and negative test cases previously stored in a test database. The patch is then created as a mutation to the program's code, guided by this fitness function, using genetic programming techniques. This means the patch is evolved both to pass the positive test cases (correct behavior) and to keep the negative test cases (vulnerabilities) from triggering, thus creating a balanced and effective repair.

Claim 4

Original Legal Text

4. The method of claim 2, further comprising testing the patch using the positive test cases and negative test cases before automatically dispatching the patch to the deployed program.

Plain English Translation

Before deploying the generated patch to the running program, the system rigorously tests it using the positive and negative test cases that are stored in a test database. This ensures that the patch not only fixes the identified vulnerability (negative test cases) but also doesn't break existing functionality or introduce new issues (positive test cases). The patch is automatically deployed only after it passes these tests.
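
The test database, fitness function and pre-dispatch test described in claims 2 to 4 can be sketched as follows. This is an added example, not code from the patent or its inventors; the `deployed` target, the two candidate patches, the weights and the sample inputs are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List

CRASH = object()        # marks a response that exhibits the vulnerability
W_POS, W_NEG = 1, 10    # assumed weights; the claims do not fix any values
Program = Callable[[bytes], bytes]

def deployed(msg: bytes) -> bytes:
    """Constructed stand-in target: echo a payload of the declared length."""
    n = msg[0]                                  # length byte is trusted
    return bytes(msg[1 + i] for i in range(n))  # out-of-bounds read if n is too large

def run(program: Program, msg: bytes):
    """Run one input and fold any fault into the CRASH response."""
    try:
        return program(msg)
    except Exception:
        return CRASH

@dataclass
class Case:
    data: bytes
    response: object
    negative: bool      # True when the deployed program's response was CRASH

def build_test_db(inputs: List[bytes]) -> List[Case]:
    """Claim 2: associate each input with its response, labelled positive or negative."""
    db = []
    for data in inputs:
        resp = run(deployed, data)
        db.append(Case(data, resp, resp is CRASH))
    return db

def passes(candidate: Program, case: Case) -> bool:
    resp = run(candidate, case.data)
    if case.negative:
        return resp is not CRASH       # the vulnerable response must be gone
    return resp == case.response       # recorded behaviour must be preserved

def fitness(candidate: Program, db: List[Case]) -> int:
    """Claim 3: one overall score over positive and negative test cases."""
    return sum(W_NEG if c.negative else W_POS for c in db if passes(candidate, c))

def ready_to_dispatch(candidate: Program, db: List[Case]) -> bool:
    """Claim 4: every stored test case must pass before dispatch."""
    return all(passes(candidate, c) for c in db)

def patch_reject_all(msg: bytes) -> bytes:   # candidate mutation: drop everything
    return b""

def patch_clamp(msg: bytes) -> bytes:        # candidate mutation: bound the length
    if not msg:
        return b""
    return msg[1:1 + min(msg[0], len(msg) - 1)]

# Constructed inputs standing in for the discovered input sets.
DISCOVERED = [b"\x03abc", b"\x00", b"\x02hi!", b"\x05ab", b""]
DB = build_test_db(DISCOVERED)

if __name__ == "__main__":
    for cand in (deployed, patch_reject_all, patch_clamp):
        print(cand.__name__, fitness(cand, DB), ready_to_dispatch(cand, DB))
```

`patch_reject_all` scores 21 against the unpatched program's 3 yet fails the dispatch test, so a high fitness alone does not show that positive behaviour was preserved.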

Claim 5

Original Legal Text

5. The method of claim 1, further comprising: further discovering additional inputs using one or more fuzzers; and determining which of the additional inputs are negative inputs.

Plain English Translation

The vulnerability analysis system further enhances input discovery by incorporating fuzzing techniques. In addition to symbolic execution, side-channel analysis, and I/O state machine generation, the system uses one or more fuzzers to generate additional program inputs. It then determines which of these fuzzed inputs are also "negative inputs," meaning they trigger vulnerabilities, and uses this information in the patch generation process. This adds a level of randomness and increases the chances of discovering edge-case vulnerabilities.

Claim 6

Original Legal Text

6. The method of claim 1, wherein the vulnerability includes a memory corruption error, a buffer overflow, a software crash, and an arithmetic error.

Plain English Translation

The vulnerabilities targeted by this system include common software errors such as memory corruption errors, buffer overflows, software crashes, and arithmetic errors. The system is designed to detect and automatically patch these types of vulnerabilities in the running program by analyzing its input/output behavior and generating appropriate fixes.

Claim 7

Original Legal Text

7. The method of claim 1, wherein: the exploration techniques include symbolic execution of the BPUA and a side-channel input generation process for unknown program behavior; and the I/O behavior includes console interactions of a user with the deployed program and captured network traffic communicated with the deployed program.

Plain English Translation

The system uses specific exploration techniques to find program inputs. Symbolic execution is used to analyze the program's logic, and side-channel input generation targets unknown program behavior by observing execution characteristics. The system analyzes I/O behavior by monitoring console interactions between the user and the program, as well as capturing network traffic communicated with the program. This combined approach allows the system to understand a wide range of program interactions and potential attack vectors.

Claim 8

Original Legal Text

8. The method of claim 1, wherein the discovering inputs includes: comparing the first set of inputs, the second set of inputs, and the third set of inputs to determine which of the inputs are not included in all of the first set of inputs, the second set of inputs, and the third set of inputs; for one or more of the inputs omitted from the second set of inputs, generating a set of prefixes of omitted inputs and using the set of prefixes in the side-channel input generation as bases to discover one or more other inputs; and for one or more of the inputs omitted from the first set of inputs, incorporating the omitted inputs in the stateful model.

Plain English Translation

The system compares the inputs discovered using symbolic execution, side-channel analysis, and I/O state machine generation to identify inputs that do not appear in all three sets. For inputs missing from the side-channel analysis results, the system generates prefixes of those inputs and uses them as bases for further side-channel input generation, exploring related input space. For inputs missing from the symbolic execution results, the system incorporates those omitted inputs into the I/O stateful model, improving the model's completeness and accuracy.
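
The reconciliation step of claim 8, worked through on three small input sets. This is an added example, not code from the patent; treating each input as a sequence of messages, modelling the stateful model as a prefix tree, and the sample protocol messages are all assumptions made for illustration.

```python
from typing import Dict, Set, Tuple

Session = Tuple[str, ...]   # one input = an ordered sequence of messages

class StatefulModel:
    """Prefix-tree state machine over message sequences (assumed representation)."""
    def __init__(self) -> None:
        self.next: Dict[Tuple[int, str], int] = {}
        self.states = 1                      # state 0 is the initial state

    def add(self, session: Session) -> None:
        s = 0
        for msg in session:
            if (s, msg) not in self.next:    # unseen transition: create a state
                self.next[(s, msg)] = self.states
                self.states += 1
            s = self.next[(s, msg)]

    def accepts(self, session: Session) -> bool:
        s = 0
        for msg in session:
            if (s, msg) not in self.next:
                return False
            s = self.next[(s, msg)]
        return True

def reconcile(symbolic: Set[Session], side_channel: Set[Session],
              stateful: Set[Session], model: StatefulModel):
    """Return (inputs not in all three sets, prefix bases for side-channel generation)."""
    not_in_all = (symbolic | side_channel | stateful) - (symbolic & side_channel & stateful)
    # Omitted from the side-channel set: their proper prefixes become bases.
    bases = {inp[:k] for inp in not_in_all - side_channel for k in range(1, len(inp))}
    # Omitted from the symbolic-execution set: fold them into the stateful model.
    for inp in not_in_all - symbolic:
        model.add(inp)
    return not_in_all, sorted(bases, key=lambda b: (len(b), b))

# Constructed sample sets for a made-up line protocol.
SYMBOLIC = {("HELO",), ("HELO", "AUTH"), ("HELO", "AUTH", "GET")}
SIDE_CHANNEL = {("HELO",), ("HELO", "AUTH"), ("HELO", "STAT")}
STATEFUL = {("HELO",), ("HELO", "AUTH"), ("HELO", "AUTH", "PUT", "QUIT")}

def demo():
    model = StatefulModel()
    for session in STATEFUL:                 # the model as learned so far
        model.add(session)
    known_before = model.accepts(("HELO", "STAT"))
    not_in_all, bases = reconcile(SYMBOLIC, SIDE_CHANNEL, STATEFUL, model)
    return not_in_all, bases, known_before, model

if __name__ == "__main__":
    print(demo()[:3])
```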

Claim 9

Original Legal Text

9. The method of claim 1, further comprising developing the stateful model that represents, at an abstract level, the I/O behavior of the BPUA that has been learned to that point, wherein the stateful model is a basis of patch development using a genetic programming-based repair framework.

Plain English Translation

The system develops a stateful model, representing the program's I/O behavior at an abstract level based on observed interactions. This model serves as the basis for patch development within a genetic programming-based repair framework. By understanding the program's expected I/O sequences, the system can more effectively generate patches that maintain correct behavior while mitigating vulnerabilities. The stateful model provides context for patch development.

Claim 10

Original Legal Text

10. The method of claim 1, wherein the analyzing the I/O behavior, the discovering inputs, the determining, the developing the patch, and the dispatching occur while the deployed program is running.

Plain English Translation

The entire vulnerability analysis and patching process, from analyzing I/O behavior and discovering inputs to developing and dispatching the patch, occurs while the program is actively running. This allows for real-time vulnerability mitigation without requiring program downtime or restarts. The system dynamically analyzes and repairs the program while it continues to execute its intended functions.

Claim 11

Original Legal Text

11. One or more non-transitory computer-readable media having encoded therein programming code executable by one or more processors to perform operations, the operations comprising: receiving a binary program under analysis (BPUA) derived from a deployed program; analyzing input/output (I/O) behavior of the deployed program; discovering inputs to the deployed program based on application of two or more exploration techniques to the BPUA and analysis of the I/O behavior, the inputs including a first set of inputs discovered during a symbolic execution process, a second set of inputs discovered during a side-channel input generation, and a third set of inputs from an I/O state machine module (stateful model) generation process; determining which of the inputs are negative inputs, the negative inputs including a portion of the inputs that trigger a response that includes a vulnerability of the deployed program; based on the negative inputs and triggered responses, developing a patch for the deployed program that modifies the deployed program to process at least some of the negative inputs without triggering a response that includes the vulnerability; and automatically dispatching the patch to the deployed program.

Plain English Translation

This describes a non-transitory computer-readable medium (e.g., a hard drive, flash drive) containing instructions that, when executed by a computer, cause the computer to perform a vulnerability analysis and patching method on a running program. It first analyzes the program's input/output behavior. Then, it uses multiple techniques like symbolic execution, side-channel analysis, and I/O state machine learning to discover program inputs. The system identifies "negative inputs" that trigger vulnerabilities. Based on these negative inputs and triggered responses, the system creates a patch that modifies the program to handle these inputs without causing the vulnerability. Finally, the system automatically deploys this patch to the running program.

Claim 12

Original Legal Text

12. The non-transitory computer-readable media of claim 11, wherein the operations further comprise: determining which of the inputs are positive inputs, the positive inputs including a portion of the inputs that trigger responses that do not include a vulnerability of the deployed program; associating each of the negative inputs and each of the positive inputs with the response that is triggered in the deployed program; storing each of the negative inputs and associated response as negative test cases in a test database; and storing each of the positive inputs and associated response as positive test cases in the test database.

Plain English Translation

This expands on the computer-readable medium described previously. The instructions further cause the computer to identify "positive inputs" that don't cause vulnerabilities. It associates both positive and negative inputs with the program's responses they trigger. These input-response pairs are stored as test cases (positive and negative) in a test database. This allows for a comprehensive record of program behavior under various inputs. The system therefore builds a test suite to identify vulnerabilities and expected program behavior.

Claim 13

Original Legal Text

13. The non-transitory computer-readable media of claim 12, wherein the operations further comprise generating an overall fitness function based on the positive test cases and negative test cases, wherein the patch includes a mutation to the deployed program based on the fitness function and genetic programming.

Plain English Translation

This further expands on the computer-readable medium. The instructions cause the computer to build a fitness function based on both positive and negative test cases previously stored in a test database. The patch is then created as a mutation to the program's code, guided by this fitness function, using genetic programming techniques. This means the patch is evolved both to pass the positive test cases (correct behavior) and to keep the negative test cases (vulnerabilities) from triggering, thus creating a balanced and effective repair.

Claim 14

Original Legal Text

14. The non-transitory computer-readable media of claim 12, wherein the operations further comprise testing the patch using the positive test cases and negative test cases before automatically dispatching the patch to the deployed program.

Plain English Translation

This expands on the computer-readable medium. The instructions cause the computer to rigorously test the generated patch, using positive and negative test cases that are stored in a test database, before deploying it to the running program. This ensures that the patch not only fixes the identified vulnerability (negative test cases) but also doesn't break existing functionality or introduce new issues (positive test cases). The patch is automatically deployed only after it passes these tests.

Claim 15

Original Legal Text

15. The non-transitory computer-readable media of claim 11, wherein the operations further comprise: further discovering additional inputs using one or more fuzzers; and determining which of the additional inputs are negative inputs.

Plain English Translation

The computer-readable medium's instructions further enhance input discovery by incorporating fuzzing techniques. In addition to symbolic execution, side-channel analysis, and I/O state machine generation, the system uses one or more fuzzers to generate additional program inputs. It then determines which of these fuzzed inputs are also "negative inputs," meaning they trigger vulnerabilities, and uses this information in the patch generation process. This adds a level of randomness and increases the chances of discovering edge-case vulnerabilities.

Claim 16

Original Legal Text

16. The non-transitory computer-readable media of claim 11, wherein the vulnerability includes a memory corruption error, a buffer overflow, a software crash, and an arithmetic error.

Plain English Translation

The vulnerabilities targeted by this computer-readable medium include common software errors such as memory corruption errors, buffer overflows, software crashes, and arithmetic errors. The system is designed to detect and automatically patch these types of vulnerabilities in the running program by analyzing its input/output behavior and generating appropriate fixes.

Claim 17

Original Legal Text

17. The non-transitory computer-readable media of claim 11, wherein: the exploration techniques include symbolic execution of the BPUA and a side-channel input generation process for unknown program behavior; and the I/O behavior includes console interactions of a user with the deployed program and captured network traffic communicated with the deployed program.

Plain English Translation

The computer-readable medium's instructions cause the system to use specific exploration techniques to find program inputs. Symbolic execution is used to analyze the program's logic, and side-channel input generation targets unknown program behavior by observing execution characteristics. The system analyzes I/O behavior by monitoring console interactions between the user and the program, as well as capturing network traffic communicated with the program. This combined approach allows the system to understand a wide range of program interactions and potential attack vectors.

Claim 18

Original Legal Text

18. The non-transitory computer-readable media of claim 11, wherein the discovering inputs includes: comparing the first set of inputs, the second set of inputs, and the third set of inputs to determine which of the inputs are not included in all of the first set of inputs, the second set of inputs, and the third set of inputs; for one or more of the inputs omitted from the second set of inputs, generating a set of prefixes of omitted inputs and using the set of prefixes in the side-channel input generation as bases to discover one or more other inputs; and for one or more of the inputs omitted from the first set of inputs, incorporating the omitted inputs in the stateful model.

Plain English Translation

The computer-readable medium's instructions cause the system to compare the inputs discovered using symbolic execution, side-channel analysis, and I/O state machine generation to identify inputs that do not appear in all three sets. For inputs missing from the side-channel analysis results, the system generates prefixes of those inputs and uses them as bases for further side-channel input generation, exploring related input space. For inputs missing from the symbolic execution results, the system incorporates those omitted inputs into the I/O stateful model, improving the model's completeness and accuracy.

Claim 19

Original Legal Text

19. The non-transitory computer-readable media of claim 11, wherein the operations further comprise developing the stateful model that represents, at an abstract level, the I/O behavior of the BPUA that has been learned to that point, wherein the stateful model is a basis of patch development using a genetic programming-based repair framework.

Plain English Translation

The computer-readable medium's instructions cause the system to develop a stateful model, representing the program's I/O behavior at an abstract level based on observed interactions. This model serves as the basis for patch development within a genetic programming-based repair framework. By understanding the program's expected I/O sequences, the system can more effectively generate patches that maintain correct behavior while mitigating vulnerabilities. The stateful model provides context for patch development.

Claim 20

Original Legal Text

20. The non-transitory computer-readable media of claim 11, wherein the analyzing the I/O behavior, the discovering inputs, the determining, the developing the patch, and the dispatching occur while the deployed program is running.

Plain English Translation

The computer-readable medium's instructions cause the entire vulnerability analysis and patching process, from analyzing I/O behavior and discovering inputs to developing and dispatching the patch, to occur while the program is actively running. This allows for real-time vulnerability mitigation without requiring program downtime or restarts. The system dynamically analyzes and repairs the program while it continues to execute its intended functions.

Patent Metadata

Filing Date

Unknown

Publication Date

September 19, 2017

Inventors

Praveen MURTHY
Bogdan COPOS
Thuan PHAM

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “AUTONOMOUS REASONING SYSTEM FOR VULNERABILITY ANALYSIS” (9767290). https://patentable.app/patents/9767290